CVE-2019-0541
CVE-2019-0541
In short
A flaw in Microsoft's web rendering engine (MSHTML) allows attackers to execute malicious code on your computer when you open a specially crafted document or visit a malicious website. This affects multiple Microsoft products including Office, Excel, Word, and Internet Explorer.
Technical detail
MSHTML engine fails to properly validate input in web content, enabling remote code execution via crafted documents or web pages. Attack vector is network-based with low attack complexity; requires user interaction (opening document or visiting site). Successful exploitation grants arbitrary code execution in the context of the affected application.
Summary generated and translated by AI from the official description.
A remote code execution vulnerability exists in the way that the MSHTML engine inproperly validates input, aka "MSHTML Engine Remote Code Execution Vulnerability." This affects Microsoft Office, Microsoft Office Word Viewer, Internet Explorer 9, Internet Explorer 11, Microsoft Excel Viewer, Internet Explorer 10, Office 365 ProPlus.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Microsoft · Internet Explorer 10Microsoft · Internet Explorer 11Microsoft · Internet Explorer 9Microsoft · Microsoft Excel ViewerMicrosoft · Microsoft OfficeMicrosoft · Microsoft Office Word ViewerMicrosoft · Officepublic PoCs found — 2
cve_referencewww.exploit-db.com/exploits/46536/unverifiedexploitdbwww.exploit-db.com/exploits/46536unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →